The bombe, an electromechanical device used by British cryptologists to help break German Enigma-machine-generated signals during World War II, was designed by Alan Turing.
Garrett Coakley / Flickr

Of all of the revelations about the NSA that have come to light in recent months, two stand out as the most worrisome and surprising to cybersecurity experts. The first is that the NSA has worked to weaken the international cryptographic standards that define how computers secure communications and data. The second is that the NSA has deliberately introduced backdoors into security-critical software and hardware. If the NSA has indeed engaged in such activities, it has risked the computer security of the United States (and the world) as much as any malicious attacks have to date.

No one is surprised that the NSA breaks codes; the agency is famous for its cryptanalytic prowess. And, in general, the race between designers who try to build strong codes and cryptanalysts who try to break them ultimately benefits security. But surreptitiously implanting deliberate weaknesses or actively encouraging the public to use codes that

This article is part of our premium archives.

To continue reading and get full access to our entire archive, you must subscribe.

  • NADIA HENINGER is an assistant professor of computer and information science at the University of Pennsylvania, where her research focuses on cryptography and security. J. ALEX HALDERMAN is an assistant professor of computer science and engineering at the University of Michigan, where his research focuses on computer security and public policy.
  • More By Nadia Heninger
  • More By J. Alex Halderman